Slow Fog Cosine: Phishing gangs are using Google subdomains to carry out a new round of phishing attacks,诱导用户泄露账户密码.

BlockBeats reports that on April 20, Yuxian, the founder of Slow Fog, posted on social media stating that the ENS chief developer had previously fallen victim to a phishing attack that exploited a vulnerability in Google's infrastructure. The phishing gang deceived users by disguising phishing emails as official Google communications, tricking users into being targeted by law enforcement. Although Google has implemented countermeasures, today the phishing gang launched a new round of phishing attacks and will continue to lure users to a "google.com" subdomain, inducing users to leak their account passwords and immediately add Passkey. BlockBeats previously reported that on April 16, ENS chief developer nick.eth stated that he had encountered an extremely complex phishing attack that exploited a vulnerability in Google's infrastructure, but Google refused to fix the vulnerability. He indicated that the attack emails appeared very authentic, could pass DKIM signature verification, and were displayed normally in Gmail, appearing alongside other legitimate security warnings. The attackers utilized Google's "Sites" service to create a trustworthy "support portal" page, as users would see the domain containing "google.com" and mistakenly believe it was safe, and users must remain vigilant.